From 089c96ab3ad470424581e56808ccf7196711b413 Mon Sep 17 00:00:00 2001
From: Sergey Safarov
Date: Fri, 22 Sep 2017 10:05:01 -0400
Subject: [PATCH] pkg/kamailio/alpine_docker: Added docker packaging scripts
---
pkg/kamailio/alpine_docker/Dockerfile | 6 +
pkg/kamailio/alpine_docker/README.md | 91 ++++++++++++++
pkg/kamailio/alpine_docker/build.sh | 137 +++++++++++++++++++++
pkg/kamailio/alpine_docker/entrypoint.sh | 14 +++
pkg/kamailio/alpine_docker/hooks/pre_build | 14 +++
5 files changed, 262 insertions(+)
create mode 100644 pkg/kamailio/alpine_docker/Dockerfile
create mode 100644 pkg/kamailio/alpine_docker/README.md
create mode 100755 pkg/kamailio/alpine_docker/build.sh
create mode 100755 pkg/kamailio/alpine_docker/entrypoint.sh
create mode 100755 pkg/kamailio/alpine_docker/hooks/pre_build
diff --git a/pkg/kamailio/alpine_docker/Dockerfile b/pkg/kamailio/alpine_docker/Dockerfile
new file mode 100644
index 00000000000..7b55b404ffa
--- /dev/null
+++ b/pkg/kamailio/alpine_docker/Dockerfile
@@ -0,0 +1,6 @@
+FROM scratch
+
+ADD kamailio_img.tar.gz /
+COPY entrypoint.sh /
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/pkg/kamailio/alpine_docker/README.md b/pkg/kamailio/alpine_docker/README.md
new file mode 100644
index 00000000000..c5c7e074e08
--- /dev/null
+++ b/pkg/kamailio/alpine_docker/README.md
@@ -0,0 +1,91 @@
+About
+-----
+
+Container designed to run on host, bridge and swarm network.
+Size of container decreased to 50MB (23MB compressed)
+Significantly increased security - removed all libs except libc, busybox, tcpdump, dumpcap, kamailio and dependent libs.
+Docker container is created useing Alpine linux packaging
+
+Used environment variables
+--------------------------
+
+1. ```SHM_MEMORY``` - amount of shared memory to allocate for the running Kamailio server (in Mb), default value 64Mb;
+2. ```PKG_MEMORY``` - amount of per-process (package) memory to allocate for Kamailio (in Mb), default value 8Mb
+
+Usage container
+---------------
+
+```sh
+docker run --net=host --name kamailio \
+ -v /etc/kamailio/:/etc/kamailio \
+ kamailio/kamailio
+```
+
+systemd unit file
+-----------------
+
+You can use this systemd unit files on your docker host.
+Unit file can be placed to ```/etc/systemd/system/kamailio-docker.service``` and enabled by commands
+```sh
+systemd start kamailio-docker.service
+systemd enable kamailio-docker.service
+```
+
+host network
+============
+
+```sh
+$ cat /etc/systemd/system/kamailio-docker.service
+[Unit]
+Description=kamailio Container
+After=docker.service network-online.target
+Requires=docker.service
+
+
+[Service]
+Restart=always
+TimeoutStartSec=0
+#One ExecStart/ExecStop line to prevent hitting bugs in certain systemd versions
+ExecStart=/bin/sh -c 'docker rm -f kamailio; \
+ docker run -t --net=host --name kamailio \
+ -v /etc/kamailio/:/etc/kamailio \
+ kamailio/kamailio'
+ExecStop=-/bin/sh -c '/usr/bin/docker stop kamailio; \
+ /usr/bin/docker rm -f kamailio;'
+
+[Install]
+WantedBy=multi-user.target
+```
+
+default bridge network
+======================
+```sh
+[Unit]
+Description=kamailio Container
+After=docker.service network-online.target
+Requires=docker.service
+
+
+[Service]
+Restart=always
+TimeoutStartSec=0
+#One ExecStart/ExecStop line to prevent hitting bugs in certain systemd versions
+ExecStart=/bin/sh -c 'docker rm -f kamailio; \
+ docker run -t --network bridge --name kamailio \
+ -p 5060:5060/udp -p 5060:5060 \
+ -v /etc/kamailio/:/etc/kamailio \
+ kamailio/kamailio'
+
+ExecStop=-/bin/sh -c '/usr/bin/docker stop kamailio; \
+ /usr/bin/docker rm -f kamailio;'
+
+[Install]
+WantedBy=multi-user.target
+```
+
+.bashrc file
+------------
+To simplify kamailio managment you can add alias for ```kamctl``` to ```.bashrc``` file as example bellow.
+```sh
+alias kamctl='docker exec -i -t kamailio /usr/sbin/kamctl'
+```
diff --git a/pkg/kamailio/alpine_docker/build.sh b/pkg/kamailio/alpine_docker/build.sh
new file mode 100755
index 00000000000..ea1cd536252
--- /dev/null
+++ b/pkg/kamailio/alpine_docker/build.sh
@@ -0,0 +1,137 @@
+#!/bin/sh -e
+
+# This script is wrote by Sergey Safarov
+
+BUILD_ROOT=/tmp/kamailio
+FILELIST=/tmp/filelist
+FILELIST_BINARY=/tmp/filelist_binary
+TMP_TAR=/tmp/kamailio_min.tar.gz
+IMG_TAR=kamailio_img.tar.gz
+
+prepare_build() {
+apk add --no-cache abuild git gcc build-base bison flex expat-dev postgresql-dev pcre-dev mariadb-dev \
+ libxml2-dev curl-dev unixodbc-dev confuse-dev ncurses-dev sqlite-dev lua-dev openldap-dev \
+ libressl-dev net-snmp-dev libuuid libev-dev jansson-dev json-c-dev libevent-dev linux-headers \
+ libmemcached-dev rabbitmq-c-dev hiredis-dev libmaxminddb-dev libunistring-dev
+
+ adduser -D build && addgroup build abuild
+ echo "%abuild ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/abuild
+ su - build -c "git config --global user.name 'Your Full Name'"
+ su - build -c "git config --global user.email 'your@email.address'"
+ su - build -c "abuild-keygen -a -i"
+}
+
+build_and_install(){
+ if [ ! -z "$GIT_TAG" ]; then
+ sed -i -e "s/^_gitcommit=.*/_gitcommit=$GIT_TAG/" /usr/src/kamailio/pkg/kamailio/alpine/APKBUILD
+ fi
+ chown -R build /usr/src/kamailio
+ su - build -c "cd /usr/src/kamailio/pkg/kamailio/alpine; abuild snapshot"
+ su - build -c "cd /usr/src/kamailio/pkg/kamailio/alpine; abuild -r"
+ cd /home/build/packages/kamailio/x86_64
+ ls -1 kamailio-*.apk | xargs apk --no-cache --allow-untrusted add
+}
+
+list_installed_kamailio_packages() {
+ apk info | grep kamailio
+}
+
+kamailio_files() {
+ local PACKAGES
+ PACKAGES=$(apk info | grep kamailio)
+ PACKAGES="musl $PACKAGES"
+ for pkg in $PACKAGES
+ do
+ # list package files and filter package name
+ apk info --contents $pkg 2> /dev/null | sed -e '/\S\+ contains:/d' -e '/^$/d' -e 's/^/\//'
+ done
+}
+
+extra_files() {
+ cat << EOF
+/etc
+/bin
+/bin/busybox
+/usr/bin
+/usr/bin/dumpcap
+/usr/lib
+/usr/sbin
+/usr/sbin/tcpdump
+/var
+/var/run
+/run
+EOF
+}
+
+sort_filelist() {
+ sort $FILELIST | uniq > $FILELIST.new
+ mv -f $FILELIST.new $FILELIST
+}
+
+filter_unnecessary_files() {
+# excluded following files and directories recursive
+# /usr/lib/debug/usr/lib/kamailio/
+# /usr/share/doc/kamailio
+# /usr/share/man
+# /usr/share/snmp
+
+ sed -i \
+ -e '\|^/usr/lib/debug/|d' \
+ -e '\|^/usr/share/doc/kamailio/|d' \
+ -e '\|^/usr/share/man/|d' \
+ -e '\|^/usr/share/snmp/|d' \
+ $FILELIST
+}
+
+ldd_helper() {
+ TESTFILE=$1
+ LD_PRELOAD=/usr/sbin/kamailio ldd $TESTFILE 2> /dev/null > /dev/null || return
+
+ LD_PRELOAD=/usr/sbin/kamailio ldd $TESTFILE | sed -e 's/^.* => //' -e 's/ (.*)//' -e 's/\s\+//' -e '/^ldd$/d'
+}
+
+find_binaries() {
+ rm -f $FILELIST_BINARY
+ set +e
+ for f in $(cat $FILELIST)
+ do
+ ldd_helper /$f >> $FILELIST_BINARY
+ done
+ set -e
+ sort $FILELIST_BINARY | sort | uniq > $FILELIST_BINARY.new
+ mv -f $FILELIST_BINARY.new $FILELIST_BINARY
+
+ # Resolving simbolic links
+ cat $FILELIST_BINARY | xargs realpath > $FILELIST_BINARY.new
+ mv -f $FILELIST_BINARY.new $FILELIST_BINARY
+}
+
+tar_files() {
+ local TARLIST=/tmp/tarlist
+ cat $FILELIST > $TARLIST
+ cat $FILELIST_BINARY >> $TARLIST
+ tar -czf $TMP_TAR --no-recursion -T $TARLIST
+ rm -f $TARLIST
+}
+
+make_image_tar() {
+ mkdir -p $BUILD_ROOT
+ cd $BUILD_ROOT
+ tar xzf $TMP_TAR
+ /bin/busybox --install -s bin
+ sed -i -e '/mi_fifo/d' etc/kamailio/kamailio.cfg
+ tar czf /usr/src/kamailio/pkg/kamailio/alpine_docker/$IMG_TAR *
+}
+
+prepare_build
+build_and_install
+#install PCAP tools
+apk add --no-cache wireshark-common tcpdump
+
+kamailio_files > $FILELIST
+extra_files >> $FILELIST
+sort_filelist
+filter_unnecessary_files
+find_binaries
+tar_files
+make_image_tar
diff --git a/pkg/kamailio/alpine_docker/entrypoint.sh b/pkg/kamailio/alpine_docker/entrypoint.sh
new file mode 100755
index 00000000000..3720d06984b
--- /dev/null
+++ b/pkg/kamailio/alpine_docker/entrypoint.sh
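Review bot: In build.sh, build_and_install installs the freshly built packages with `--allow-untrusted`, which switches off apk signature verification for exactly the files that end up in the image. prepare_build already runs `abuild-keygen -a -i`, which should place the build key among the container's trusted keys, so the flag looks unnecessary and the line could read `ls -1 kamailio-*.apk | xargs apk --no-cache add`. In the same function `$GIT_TAG` is pasted straight into the sed expression `s/^_gitcommit=.*/_gitcommit=$GIT_TAG/`; a value containing `/` or other sed metacharacters changes the expression itself, so the value is worth checking against the expected tag/commit character set before the substitution runs.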
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# Created by Sergey Safarov
+#
+
+SHM_MEMORY=${SHM_MEMORY:-64}
+PKG_MEMORY=${PKG_MEMORY:-8}
+trap 'kill -SIGTERM "$pid"' SIGTERM
+
+/usr/sbin/kamailio -DD -E -m $SHM_MEMORY -M $PKG_MEMORY &
+pid="$!"
+
+wait $pid
+exit 0
diff --git a/pkg/kamailio/alpine_docker/hooks/pre_build b/pkg/kamailio/alpine_docker/hooks/pre_build
new file mode 100755
index 00000000000..88be0662c68
--- /dev/null
+++ b/pkg/kamailio/alpine_docker/hooks/pre_build
@@ -0,0 +1,14 @@
+#!/bin/bash -e
+
+echo "=> Build Kamailio source code"
+
+if [ ! -z "$SOURCE_BRANCH" ];then
+ ENV_OPT="-e SOURCE_BRANCH=$SOURCE_BRANCH"
+fi
+
+if [ ! -z "$GIT_TAG" ];then
+ ENV_OPT="$ENV_OPT -e GIT_TAG=$GIT_TAG"
+fi
+
+docker run --volume=`pwd`/../../..:/usr/src/kamailio --volume=`pwd`/build.sh:/build.sh --entrypoint=/build.sh $ENV_OPT alpine:edge
+exit $?
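Review bot: In entrypoint.sh the script ends with `exit 0` after a single `wait $pid`, so the container reports success even when kamailio crashes, and a trapped SIGTERM makes `wait` return before kamailio has finished stopping. Because this script is the container's PID 1, exiting at that point ends the container while kamailio may still be shutting down. Waiting a second time when the process is still alive and exiting with kamailio's own status addresses both. `$SHM_MEMORY` and `$PKG_MEMORY` should also be quoted on the kamailio command line so an environment value with whitespace cannot turn into extra arguments.

```shell
# … unchanged: SHM_MEMORY/PKG_MEMORY defaults and the SIGTERM trap …
/usr/sbin/kamailio -DD -E -m "$SHM_MEMORY" -M "$PKG_MEMORY" &
pid="$!"

wait "$pid"
rc=$?
# A trapped SIGTERM interrupts the first wait; wait again so kamailio can finish stopping.
if kill -0 "$pid" 2>/dev/null; then
    wait "$pid"
    rc=$?
fi
exit "$rc"
```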
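Review bot: In hooks/pre_build the build container is `alpine:edge`, a rolling tag, so every package compiled into the published image depends on whatever that tag and its repositories hold at build time. Pinning a release tag, ideally with a digest (`alpine:<release>@sha256:<digest>`, placeholder values), keeps builds repeatable and auditable. `$ENV_OPT` and the backtick `pwd` substitutions are expanded unquoted, so a branch, tag or checkout path containing whitespace is split into separate `docker run` arguments; since the hook already runs under bash, an array (`env_opt+=(-e "GIT_TAG=$GIT_TAG")`, expanded as `"${env_opt[@]}"`) and `"$(pwd)"` avoid that. `SOURCE_BRANCH` is forwarded to the container, but nothing in the build.sh hunk reads it.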